Basic Auth using jscript helpers

@QMcKay maybe you can help me. I am writing an integration with a third party API that requires Basic Auth before any requests can be made. They do not allow browser access like https://username:password@api.blah.com/v1/access

I am thinking we do not have a helper for this… I can authenticate with POSTMAN and tested Curl it works by using:

CURL https://api.blah.com/v1/access \
   -u apikey:

Am I right to say we do not have a method for authentication or is there some hidden JSCRIPT i can use to authenticate?

From: https://forum.sambapos.com/t/jscript-helpers-and-functions/

These are all I know of:

web.PostJson(url,jsondata,username,password)`

web.PostData(url,data,[user],[password])

Both functions web.PostData() and web.PostJson() are identical but web.PostJson() function adds "Content-Type", "application/json" header to the request.


You can create your own methods using host.lib() and host.type() helpers as well. They can hook C#/NET methods. Take a look at this topic where we dug into those heplers a bit - Emre explains the difference between the 2 helpers and how to use C# vs. NET …

https://forum.sambapos.com/t/jscript-helpers-web-upload-web-postdata-and-soap-requests/12300/12

2 Likes

Shit my brain is hurting I am trying to make sense of host.lib() helpers.

1 Like

Confusing at first I know. Look at what Emre says and what Paul did to get it to work …

function sendWebCli(){
  var lib = host.lib("System");
  var client = new lib.System.Net.WebClient();
  // return client.DownloadString('https://www.goggle.com');
  
  client.Headers.Add("Content Type", "application/json");
  // client.Headers.Add(<more header stuff like maybe auth>);

  var url = "https://api.blah.com/v1/access";

  var data = 'some formatted data, like json';

  var result = client.UploadString(url,data);
  client.Dispose();
}

For example, when we do GQL Auth using jQuery AJAX, we set up authorization parameters in the header and data, like this:

	jQuery.ajax({
	'type': 'POST',
	'url': aurl,
	cache:false,
	headers: {'Content-Type':'application/x-www-form-urlencoded'},
	data: $.param({grant_type:'password', username:user, password:password, client_id:clientId, client_secret:clientSecret, device_id:deviceId})
	})
	.done(function d(response){
             .........
     })
	.fail(function f(response){
             .........
     });
1 Like

This obviously doesnt work but here is where I am at atm. Is this remotely close you think?

function JSONTest(){
	var lib = host.lib("System");
	var client = new lib.System.Net.WebClient();
	
	client.Headers.Add("Content Type", "application/json");
	client.Headers.Add("Authorization", "Basic AuthKeyblabhlabh");
	
	var url = "https://api.7shifts.com/v1/locations/";
	var data = client.DownloadString(url);
 	return data;
		
}

No way for me to know without knowing how Auth is performed or what it expects to see.

For example, GQL Auth is part of Data, but the Header Content-Type must be set properly as well.

Maybe look at the Weather API that was done using an API Key. That might jog your memory or at least lead you in the right direction.

Is your Key supposed to be part of the URL? Or is it like Form Data?

So the issue is the Key is actually the username for Basic Auth. I can enter the Key for user and password is blank in postman and it works.

It would be simple if they allowed basic auth through url then I could just use the web.Download helper. But apparently they do not allow that.

So it needs to be in the headers somehow.

Here is what I am trying now…I got the headers right from POSTMAN since its working there.

function JSONTest(){
	var lib = host.lib("System");
	var client = new lib.System.Net.WebClient();
	
	client.Headers.Add("Accept", "application/json");
	client.Headers.Add("Glf-Api-Version", "2");
	client.Headers.Add("Authorization", "LONGAPIKEYUSERNAMEFORAUTH");
	
	var url = "https://api.7shifts.com/v1/locations/";
	var data = client.DownloadString(url);
	var json = JSON.parse(data);
 	return json;
		
}

All i get is:

image

Postman says it will automatically generate your headers. So you should be able to look at the Headers tab in Postman to see what it sent and how (the format).

If you look at GQL Auth example with:

Content-Type:application/x-www-form-urlencoded

There is FORM DATA sent like this for example (the last part):

Not saying that is what you need exactly, but you need to figure out what Postman is sending.

OMG I finally got it. I guess it encrypted the key in the auth header… once I copied that it worked.

Guess I made my first helper lol. Now I gotta format it and make it useful.

3 Likes

Awesome!

The host.X helpers are very very very powerful… they open up endless possibilities because you can work directly with C# / NET Libraries and Assemblies, which gives access to almost anything.

2 Likes

Yeah I cant help but wonder why it had to be encrypted surely there is a way I could have done that within the script… but at least its working.